An email from a Facebook friend turned a phishing attack for some

A phishing attack hit Facebook users on Wednesday as reported by the PCWorld. Using phoney e-mail messages, appearing to come from Facebook, cybercrooks were trying to lure upright subscribers into giving away their personal sensitive information.

The messages with the Subject line “Hello” pretended to come from a friend according to TechCrunch, which first reported the attack. Then it prompted Facebook users to visit a malicious website Fbaction.net, which looks like a Facebook log-in page. The message simply invited the victim to "Visit http://www.facebook.com/l/4253f;http://fbaction.net/"

When following the link Facebook users can see several warning messages appearing on their screens. First one pops up when they click on the link in the original message and are redirected away from Facebook's Web site. Another link comes when they are trying to access their supposed accounts and enter their username and password. The message advises them to change their password and users are again redirected to the genuine Facebook site.

Interestingly the Fbaction.net does not attack users’ computers but just collects their information. Experts believe that criminals collect this information as often Internet users have the same login and password on several websites. In addition hackers can use this data for further attacks.

The site was live Wednesday afternoon but Facebook is reportedly working to blacklist the domain and hoping to have the site shut down.

"We are aware of this phishing domain and have already begun to take action," the company said in a statement.

"Our user operations team has blocked the domain from being shared on Facebook and is removing the content retroactively from any messages. They will also be resetting passwords of senders to remove access from an attacker. We're also reaching out to the ISPs to get information and will attempt to build a civil and/or criminal case against the owners."